Solved What is putting files onto my computer?

July 9, 2016 at 17:32:16
Specs: Windows Vista
Masses of txt files are being added to the windows/temp directory. How can I stop this? I have managed to remove the sub-directory, but it immediately comes back with thousands of very small files. Malwarebytes and AVG cannot detect any issues.



#1
July 9, 2016 at 20:05:15
Any clue in the txt files what application is creating the files?


#2
July 9, 2016 at 21:02:51
They look like windows update files, and all have the date starting in 2014, and working toward the present e.g. 20140822..... then several more digits in their thousands. I am trying to look at the directory to get more details, but this took several hours / days when I was successful after several attempts. Often the computer just gives up. Thank you for your interest! If I get more information, I will let you know.

I can see more now, and it is different from previously. There are AVG_a (then a 4-digit number); these are file folders. There are also several 'AVG security patches'. There is ASPNET setup, a text file called 'Chrome installer', some called dd_ndp45-KB (and then a seven-digit number), fwtsqmfile01 (and increasing) with .sqm, and two big DES(4-digit number).tmp files. Windows Explorer has now fallen over, but I did see the other files as mentioned previously. There are approximately 500,000 files.

message edited by JohnG.nz
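
When a directory is too large for Explorer to open, as in the post above, its contents can be counted from a script instead. The following is an added example, not part of the original thread: it streams the directory, groups file names into families by collapsing digit runs, and compares two snapshots to show which family is still being written. The sample names are constructed from the patterns mentioned in the post, and Python 3.5 or later is an assumption.

```python
import os
import re
import sys
import time
from datetime import datetime

# Digit runs are collapsed so "20140822000001.txt" and "20140823000001.txt"
# land in the same family "#.txt".
_DIGITS = re.compile(r"\d+")


def family(name):
    """Normalise a file name into a family key: lower-case, digit runs -> '#'."""
    return _DIGITS.sub("#", name.lower())


def scan(path):
    """Yield (name, size, mtime) for regular files, one entry at a time.

    os.scandir streams entries, so nothing is sorted or rendered the way a
    file manager would try to do for hundreds of thousands of files.
    """
    for entry in os.scandir(path):
        try:
            if not entry.is_file(follow_symlinks=False):
                continue
            st = entry.stat(follow_symlinks=False)
        except OSError:
            continue  # file vanished or access was denied mid-scan
        yield entry.name, st.st_size, st.st_mtime


def summarise(entries):
    """Aggregate (name, size, mtime) tuples per family, largest family first."""
    stats = {}
    for name, size, mtime in entries:
        key = family(name)
        s = stats.get(key)
        if s is None:
            s = stats[key] = {"family": key, "count": 0, "bytes": 0,
                              "oldest": mtime, "newest": mtime, "sample": name}
        s["count"] += 1
        s["bytes"] += size
        s["oldest"] = min(s["oldest"], mtime)
        s["newest"] = max(s["newest"], mtime)
    return sorted(stats.values(), key=lambda s: (-s["count"], s["family"]))


def growing(first, second):
    """Compare two summaries; return [(family, new_files)] for families that grew."""
    before = {s["family"]: s["count"] for s in first}
    grew = [(s["family"], s["count"] - before.get(s["family"], 0)) for s in second]
    return sorted([g for g in grew if g[1] > 0], key=lambda g: (-g[1], g[0]))


# Constructed sample data (names follow the patterns described in the post;
# sizes and timestamps are made up).
SAMPLE_FIRST = [
    ("20140822000001.txt", 210, 1408665600),
    ("20140822000002.txt", 198, 1408665660),
    ("20140823000001.txt", 205, 1408752000),
    ("fwtsqmfile01.sqm", 1024, 1467000000),
    ("fwtsqmfile02.sqm", 1024, 1467003600),
    ("DES1234.tmp", 52428800, 1466000000),
    ("Chrome installer.txt", 4096, 1465000000),
]
SAMPLE_SECOND = SAMPLE_FIRST + [
    ("20160709000001.txt", 201, 1468085000),
    ("20160709000002.txt", 199, 1468085060),
]

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Two snapshots one minute apart of the directory given on the command line.
        first = summarise(scan(sys.argv[1]))
        time.sleep(60)
        second = summarise(scan(sys.argv[1]))
    else:
        first, second = summarise(SAMPLE_FIRST), summarise(SAMPLE_SECOND)

    for s in second[:10]:
        print("{:>8} files {:>12} bytes  {} .. {}  {}  (e.g. {})".format(
            s["count"], s["bytes"],
            datetime.fromtimestamp(s["oldest"]).date(),
            datetime.fromtimestamp(s["newest"]).date(),
            s["family"], s["sample"]))
    for fam, delta in growing(first, second):
        print("still growing: {} (+{} files)".format(fam, delta))
```

The family that keeps growing between snapshots, together with one sample file opened in a text editor, is the clue to which application is writing the files.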



#3
July 9, 2016 at 22:48:37
✔ Best Answer
Let's have a look at what these find.

Here are the first 2 steps, more steps will be needed, after I see the results of these logs.

Run them in this order.

Step 1: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click Scan
In the results tabs, uncheck anything you don't want to remove.
Click on Cleaning.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[C1 or later].txt as well.
http://i.imgur.com/r3PoAEG.gif

Step 2: Run Malwarebytes Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.bleepingcomputer.com/dow...
http://thisisudax.org/
http://thisisudax.blogspot.com.au/2...
Download Malwarebytes Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.



#4
July 9, 2016 at 23:39:23
Thanks JohnW! I have completed the two steps, and noticed that the re-boot was brilliantly faster! The two log files are as follows:

# AdwCleaner v5.201 - Logfile created 10/07/2016 at 18:06:08
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-09.2 [Server]
# Operating system : Windows Vista (TM) Business Service Pack 2 (X86)
# Username : Heather - HEATHER-PC
# Running from : C:\Users\Heather\Downloads\adwcleaner_5.201 (1).exe
# Option : Clean
# Support : https://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater19.4.0

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[#] Folder Deleted : C:\ProgramData\Application Data\AVG Secure Search
[-] Folder Deleted : C:\Program Files\AVG Secure Search
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Secure Search
[-] Folder Deleted : C:\Windows\system32\config\systemprofile\AppData\LocalLow\AVG Security Toolbar
[-] Folder Deleted : C:\Users\Heather\AppData\Local\AVG Secure Search
[-] Folder Deleted : C:\Users\Heather\AppData\LocalLow\AVG Secure Search
[-] Folder Deleted : C:\Users\Heather\AppData\LocalLow\AVG Security Toolbar
[-] Folder Deleted : C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\9ssaw3xj.default\extensions\Avg@toolbar

***** [ Files ] *****

[-] File Deleted : C:\Program Files\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
[-] File Deleted : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage
[-] File Deleted : C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_isearch.avg.com_0.localstorage-journal

***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
[-] Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\handler\viprotocol
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\s
[-] Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Search.BrowserWndAPI
[-] Key Deleted : HKLM\SOFTWARE\Classes\Search.BrowserWndAPI.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\Search.PugiObj
[-] Key Deleted : HKLM\SOFTWARE\Classes\Search.PugiObj.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
[-] Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
[-] Key Deleted : HKCU\Software\AVG Secure Search
[-] Key Deleted : HKCU\Software\YahooPartnerToolbar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\AVG Secure Search
[-] Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\AVG Secure Search
[-] Key Deleted : HKU\.DEFAULT\Software\AVG Secure Search
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3789232432-3461394183-3349493187-1000\Software\AVG Security Toolbar
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[-] Data Restored : HKU\S-1-5-21-3789232432-3461394183-3349493187-1000\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{948C3813-53CF-4D11-AFFF-870AE0EAF642}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Data Restored : HKU\S-1-5-21-3789232432-3461394183-3349493187-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

[-] [C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\9ssaw3xj.default\prefs.js] Deleted : user_pref("avg.toolbar.buttons_icon", ",,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesurf.png,chrome://avg/skin/safesearch.png,chrome://avg/skin/avglinks.png,chrome://avg/skin/avglinks.png,")[...]
[-] [C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\9ssaw3xj.default\prefs.js] Deleted : user_pref("avg.toolbar.websearchlink", "hxxp://un.yhs.search.yahoo.com/avg/search?fr=yhs-avg");
[-] [C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\9ssaw3xj.default\prefs.js] Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
[-] [C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\9ssaw3xj.default\prefs.js] Deleted : user_pref("browser.startup.homepage", "hxxp://isearch.avg.com/?cid={7C440556-130B-4C69-B8D2-333A8D471E6A}&mid=9ba5dbf9dc4247d690f8d1566f67d58f-b6431f5d7441f993777b148ab5eeb4fa55922729&lang=en&ds=AVG&p[...]
[-] [C:\Users\Heather\AppData\Roaming\Mozilla\Firefox\Profiles\9ssaw3xj.default\prefs.js] Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid={7C440556-130B-4C69-B8D2-333A8D471E6A}&mid=9ba5dbf9dc4247d690f8d1566f67d58f-b6431f5d7441f993777b148ab5eeb4fa55922729&lang=en&ds=AVG&pr=fr&d=[...]
[-] [C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : isearch.avg.com_
[-] [C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : isearch.avg.com
[-] [C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://isearch.avg.com?cid={7C440556-130B-4C69-B8D2-333A8D471E6A}&mid=9ba5dbf9dc4247d690f8d1566f67d58f-b6431f5d7441f993777b148ab5eeb4fa55922729&lang=en&ds=AVG&coid=&cmpid=&pr=fr&d=2012-10-11 13:51:38&v=18.1.9.799&pid=avg&sg=0&sap=hp
[-] [C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Deleted : hxxp://isearch.avg.com/search?cid={7C440556-130B-4C69-B8D2-333A8D471E6A}&mid=9ba5dbf9dc4247d690f8d1566f67d58f-b6431f5d7441f993777b148ab5eeb4fa55922729&lang=en&ds=AVG&pr=fr&d=2012-10-11 13:51:38&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
[-] [C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Deleted : hxxp://isearch.avg.com?cid={7C440556-130B-4C69-B8D2-333A8D471E6A}&mid=9ba5dbf9dc4247d690f8d1566f67d58f-b6431f5d7441f993777b148ab5eeb4fa55922729&lang=en&ds=AVG&coid=&cmpid=&pr=fr&d=2012-10-11 13:51:38&v=18.1.9.799&pid=avg&sg=0&sap=hp

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [11729 bytes] - [10/07/2016 18:06:08]
C:\AdwCleaner\AdwCleaner[S1].txt - [12791 bytes] - [10/07/2016 18:02:00]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [11877 bytes] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows Vista (TM) Business x86
Ran by Heather (Administrator) on Sun 10/07/2016 at 18:25:29.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 89

Failed to delete: C:\Windows\wininit.ini (File)
Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\Users\Heather\Appdata\LocalLow\AVGTOOLBAR (Folder)
Successfully deleted: C:\Windows\System32\Tasks\Google Update (Task)
Successfully deleted: C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12DMR3A5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3J55R2G1 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDQN5ND2 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF28JLLL (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJZRSBAJ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NP0FK8TD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXHD9KRQ (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QT6KZ05F (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Heather\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UG3Z6D3R (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\prefetch\TOOLBARUPDATER.EXE-ADDD3D90.pf (File)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\12DMR3A5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3J55R2G1 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FDQN5ND2 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HF28JLLL (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJZRSBAJ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NP0FK8TD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PXHD9KRQ (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QT6KZ05F (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UG3Z6D3R (Temporary Internet Files Folder)

Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} (Registry Key)


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 10/07/2016 at 18:32:30.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thanks so much!



#5
July 9, 2016 at 23:53:03
Next step.

Please download Farbar Recovery Scan Tool and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
If we have to run Farbar more than once, refer to this SS.
http://i.imgur.com/yUxNw0j.gif
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the Desktop.
The first time the tool is run, it also makes another log (Addition.txt).
The logs are large, upload them using Zippy ( No account/registration needed ) or upload to a site of your choosing. Give us the links please.
http://www.zippyshare.com/
Instructions on how to use ZippyShare.
http://i.imgur.com/naG6t2T.gif
http://i.imgur.com/Vi9ZdIh.gif
http://i.imgur.com/1IZu5kP.gif



#6
July 10, 2016 at 00:11:06
I have run this one, and the log file is at the following address.

Thanks again!

http://www73.zippyshare.com/v/EPm2I...



#7
July 10, 2016 at 00:17:49
One more log needed > Addition ( It will be on your Desktop )


#8
July 10, 2016 at 00:26:37
I am sorry. Here is the link:

http://www73.zippyshare.com/v/HLyUt...



#9
July 10, 2016 at 00:35:40
Back in about an hour, I'm here.
http://www.timeanddate.com/worldclo...


#10
July 10, 2016 at 01:33:01
Copy & Paste the text in Blue below & save it into Notepad on your Desktop & name it fixlist.txt
NOTE: It is important that Notepad is used. The fix will not work if Word or some other program is used.
NOTE: It is important that both files, FRST and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

CreateRestorePoint:
emptytemp:
closeprocesses:
CustomCLSID: HKU\S-1-5-21-3789232432-3461394183-3349493187-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Heather\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3789232432-3461394183-3349493187-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Heather\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3789232432-3461394183-3349493187-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Heather\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3789232432-3461394183-3349493187-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Heather\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3789232432-3461394183-3349493187-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Heather\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
HKLM\...\Run: [] => [X]
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny0wVTZF"&"inst=NzYtODQ0OTQyODAwLVQ1LUJBKzEtS1YzKzctWEwrMS1CQVI5RysxLVRCO (the data entry has 147 more characters).
HKU\S-1-5-21-3789232432-3461394183-3349493187-1000\...\MountPoints2: {696c4bb7-db59-11dd-9d67-001f29833c7c} - H:\LaunchU3.exe -a
URLSearchHook: HKU\S-1-5-21-3789232432-3461394183-3349493187-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
Toolbar: HKU\S-1-5-21-3789232432-3461394183-3349493187-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll => No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
S3 IDriverT; "C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
U4 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

Open FRST and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please Copy & Paste the contents into your reply.

message edited by Johnw


#11
July 10, 2016 at 15:42:54
Progress report. The computer is still working. It could take days, but I will be in contact when it finishes. Thanks again!

#12
July 10, 2016 at 15:48:19
"Thanks again!"
YW, not many more steps to go, once it finishes.

#13
July 11, 2016 at 01:53:07
Hi JohnW, I am not sure whether the previous message went through, but the process is complete. I will paste the log file below, as requested.

Fix result of Farbar Recovery Scan Tool (x86) Version: 09-07-2016
Ran by Heather (2016-07-10 20:43:34) Run:1
Running from C:\Users\Heather\Desktop
Loaded Profiles: Heather (Available Profiles: Heather)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
emptytemp:
closeprocesses:
CustomCLSID: HKU\S-1-5-21-3789232432-3461394183-3349493187-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Heather\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3789232432-3461394183-3349493187-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\Heather\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3789232432-3461394183-3349493187-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Heather\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3789232432-3461394183-3349493187-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Heather\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3789232432-3461394183-3349493187-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\Heather\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
HKLM\...\Run: [] => [X]
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny0wVTZF"&"inst=NzYtODQ0OTQyODAwLVQ1LUJBKzEtS1YzKzctWEwrMS1CQVI5RysxLVRCO (the data entry has 147 more characters).
HKU\S-1-5-21-3789232432-3461394183-3349493187-1000\...\MountPoints2: {696c4bb7-db59-11dd-9d67-001f29833c7c} - H:\LaunchU3.exe -a
URLSearchHook: HKU\S-1-5-21-3789232432-3461394183-3349493187-1000 - (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
SearchScopes: HKU\.DEFAULT -> {CCC7A320-B3CA-4199-B1A6-9F516DD69829} URL = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms}
Toolbar: HKU\S-1-5-21-3789232432-3461394183-3349493187-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => No File
CHR Plugin: (AVG Internet Security) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll => No File
CHR Plugin: (Skype Toolbars) - C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll => No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll => No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll => No File
S3 IDriverT; "C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [X]
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
U4 eabfiltr; no ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
S0 Lbd; system32\DRIVERS\Lbd.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]

*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-3789232432-3461394183-3349493187-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully.
"HKU\S-1-5-21-3789232432-3461394183-3349493187-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully.
"HKU\S-1-5-21-3789232432-3461394183-3349493187-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}" => key removed successfully.
"HKU\S-1-5-21-3789232432-3461394183-3349493187-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully.
"HKU\S-1-5-21-3789232432-3461394183-3349493187-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\AvgUninstallURL => value removed successfully.
"HKU\S-1-5-21-3789232432-3461394183-3349493187-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{696c4bb7-db59-11dd-9d67-001f29833c7c}" => key removed successfully.
HKCR\CLSID\{696c4bb7-db59-11dd-9d67-001f29833c7c} => key not found.
HKU\S-1-5-21-3789232432-3461394183-3349493187-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} => value removed successfully.
"HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" => key removed successfully.
HKCR\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => key not found.
HKU\S-1-5-21-3789232432-3461394183-3349493187-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value removed successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key removed successfully.
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
C:\Program Files\Google\Chrome\Application\49.0.2623.112\ppGoogleNaClPluginChrome.dll => not found.
C:\Program Files\Google\Chrome\Application\49.0.2623.112\pdf.dll => not found.
C:\Program Files\Google\Chrome\Application\49.0.2623.112\gcswf32.dll => not found.
C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll => not found.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll => not found.
C:\Users\Heather\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll => not found.
C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll => not found.
C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll => not found.
C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll => not found.
C:\Program Files\Google\Picasa3\npPicasa3.dll => not found.
C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll => not found.
c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll => not found.
IDriverT => service removed successfully.
blbdrive => service removed successfully.
eabfiltr => service removed successfully.
IpInIp => service removed successfully.
Lavasoft Kernexplorer => service removed successfully.
Lbd => service removed successfully.
NwlnkFlt => service removed successfully.
NwlnkFwd => service removed successfully.
UIUSys => service removed successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8720962 B
Java, Flash, Steam htmlcache => 740 B
Windows/system/drivers => 4109438827 B
Edge => 0 B
Chrome => 227542080 B
Firefox => 75961475 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83124 B
LocalService => 132244 B
NetworkService => 304790 B
Heather => 66973925 B

RecycleBin => 0 B
EmptyTemp: => 4.2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:20:58 ====


Report •
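
An added example, not part of the original thread: the EmptyTemp section of the Fixlog above, parsed in Python to reconcile the per-category byte counts with the reported 4.2 GB and to rank them. The sample lines are copied from the log; the function names are illustrative.

```python
import re

# Copied from the "EmptyTemp" section of the Fixlog posted above.
EMPTYTEMP_SECTION = """\
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 8720962 B
Java, Flash, Steam htmlcache => 740 B
Windows/system/drivers => 4109438827 B
Edge => 0 B
Chrome => 227542080 B
Firefox => 75961475 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 66228 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83124 B
LocalService => 132244 B
NetworkService => 304790 B
Heather => 66973925 B

RecycleBin => 0 B
EmptyTemp: => 4.2 GB temporary data Removed.
"""

SIZE_LINE = re.compile(r"^(?P<name>.+?) => (?P<size>\d+) B$")

def parse_emptytemp(text):
    """Map each category to bytes; per-profile rows become 'profile:<name>'."""
    sizes, in_profiles = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_profiles = False      # a blank line closes the per-profile list
        elif line.endswith("recent:"):
            in_profiles = True       # header of the per-profile list
        else:
            m = SIZE_LINE.match(line)
            if m:                    # the "4.2 GB ... Removed." summary never matches
                key = ("profile:" if in_profiles else "") + m["name"]
                sizes[key] = int(m["size"])
    return sizes

def summarize(sizes):
    """Return (total bytes, total in GiB, rows sorted largest first with share)."""
    total = sum(sizes.values())
    rows = sorted(sizes.items(), key=lambda kv: kv[1], reverse=True)
    ranked = [(n, s, s / total if total else 0.0) for n, s in rows]
    return total, total / 2**30, ranked

if __name__ == "__main__":
    total, gib, ranked = summarize(parse_emptytemp(EMPTYTEMP_SECTION))
    print(f"total: {total} B = {gib:.1f} GiB")
    for name, size, share in ranked[:4]:
        print(f"{share:6.1%}  {size:>12} B  {name}")
```

The categories sum to the reported 4.2 GB when divided by 2^30, and the Windows/system/drivers category alone accounts for about 91% of it.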

#14
July 11, 2016 at 01:57:32
Next step.

Download Security Check by screen317 from one of the following links and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
http://www.bleepingcomputer.com/dow...
Please restart the computer before running this security check.
* Double click SecurityCheck.exe. If you run Windows Vista or 7/8, right click and choose 'Run as Administrator'.
o If you are asked by Windows to run this program or not, please click 'Yes' or 'Run'.
o When you see a console window, press any key to continue scanning.
o Wait while it scans.
o If your firewall alerts you of Security Check, please press 'Allow' or similar.
* A Notepad document should open automatically after scan is completed. It will be called checkup.txt; Please Copy and Paste the contents into your reply.
Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.


#15
July 11, 2016 at 02:48:19
These are the details of the log file.

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
Internet Explorer 8
[b][u]``````````````Antivirus/Firewall Check:``````````````[/b][/u]
[color=red][b]Windows Security Center service is not running! This report may not be accurate![/b][/color]
Windows Firewall Enabled!
AVG AntiVirus Free Edition 2015
Antivirus up to date!
[b][u]`````````Anti-malware/Other Utilities Check:`````````[/b][/u]
Java 7 Update 13
[color=red][b]Java version 32-bit out of Date![/b][/color]
Adobe Flash Player 21.0.0.242
Adobe Reader 9 [color=red][b]Adobe Reader out of Date![/b][/color]
Mozilla Firefox (47.0)
Google Chrome (49.0.2623.110)
Google Chrome (49.0.2623.112)
[b][u]````````Process Check: objlist.exe by Laurent````````[/b][/u]
AVG avgwdsvc.exe
AVG avgrsx.exe
AVG avgnsx.exe
AVG avgemc.exe
[b][u]`````````````````System Health check`````````````````[/b][/u]
Total Fragmentation on Drive C: 9 % [color=red][b]Defragment your hard drive soon! (Do NOT defrag if SSD!)[/b][/color]
[b][u]````````````````````End of Log``````````````````````[/b][/u]


#16
July 11, 2016 at 02:53:38
"Results of screen317's Security Check version"
Basically it's Ok, a few old versions of some of your programs can be removed.
Adobe Reader & Java need updating.

Extract from the fixlog.
"EmptyTemp: => 4.2 GB temporary data Removed"
Way, way too big, even if you are a gamer.
Here are temp file settings for a normal user, adjust to suit your requirements.
Set Java to 100mb
https://steveshank.com/cgi-bin/arti...
All browsers, set to 50mb ( that's MB, not GB ) for temp.
Chrome is not so straightforward.
How to set Google Chrome cache to 50mb max temporary files.
With comps, there is always more than one way to do things, try this way.
Right click on the Google Chrome shortcut > Properties.
Copy & Paste this below after .exe" as per SS ( Screenshot )
NOTE: There is a space after .exe"
http://i.imgur.com/vgkU3X1.gif
--disk-cache-size=50000"

Extract from your Addition log. Is this deliberate?
"FirewallRules: [TCP Query User{CBBC1903-5B24-4655-8A56-E869A4557B48}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{5A69D520-3BA3-4A9B-BE16-E7BFA54A36B6}C:\program files\mozilla firefox\firefox.exe] => (Block) C:\program files\mozilla firefox\firefox.exe"

Extract from the FRST log.
"Platform: Microsoft® Windows Vista™ Business Service Pack 2 (X86) Language: English (United States)"
Make sure ALL your Regional and Language Options settings are Ok. They will be something similar to this, the main point being, you should have at least 3 places to make sure you have your country displayed.
How do I change the system locale so I can use my language of choice?
http://www.howtogeek.com/howto/1551...
http://home.bt.com/tech-gadgets/com...

Here are details of your main problem.

AVG Secure Search is a browser hijacker, which is promoted via other free downloads, and once installed it will add the AVG Toolbar, change your browser homepage to mysearch.avg.com, and set your default search engine to AVG Secure Search.

Here is how a USER got the problems, no AV would have prevented USER error. Go to any Malware forum & no matter what AV they have installed, they got infected.

As you can see from your logs, you had a lot of stuff installed that you do not know how it got installed.
A lot of programs now give you the choice to install toolbars & other during the install. Either uncheck these items during install, or use Custom install. No more click, click during an install, you have to read after each click.

Or, use Unchecky to help prevent these third party installs. Nothing is perfect, the baddies are always ahead of the goodies, so be vigilant.
http://www.softpedia.com/get/System...
http://www.freewarefiles.com/Unchec...
http://unchecky.com/
A reliable application that aims to protect your computer against third-party components often offered during software installations.

WARNING: CNET Download.com downloads now come bundled with opt-out crapware and toolbars ( Same applies to Softonic & Brothersoft )
http://www.groovypost.com/unplugged...
http://www.howtogeek.com/198622/her...

I use Softpedia & FreewareFiles.com, they make you aware what Ad-supported programs the author of the program has included.
http://win.softpedia.com/index.free...
http://www.freewarefiles.com/new_fi...
Sample\Example pages
http://www.softpedia.com/get/CD-DVD...
First and foremost, extra attention needs to be paid during installation as ImgBurn offers to create desktop shortcuts to third-party apps, as well as install a browser toolbar onto the host computer, which are not required to ensure the smooth running of the app.
SS of above.
http://i.imgur.com/jgGYNsP.gif
http://i.imgur.com/rqSpp1e.gif
This is what ImgBurn tries to install.
http://i.imgur.com/ms4DzE9.gif
http://i.imgur.com/vVkd39a.gif
http://i.imgur.com/rqFVaHs.gif
http://i.imgur.com/sm1T7h6.gif
http://i.imgur.com/vhkKLYo.gif

message edited by Johnw


#17
July 11, 2016 at 04:14:56
Thanks so much! I have decided to uninstall Chrome, and have adjusted the temp files for the other two browsers. I have updated Java and adjusted the temp file size. Also have installed 'unchecky'.

I am not sure why there is all that redundancy in the firewall rules for firefox? Should I edit it out?


#18
July 11, 2016 at 04:19:08
"I am not sure why there is all that redundancy in the firewall rules for firefox? Should I edit it out?"
Yep, it's not normal.
Then test & see how it goes.

Any other issues?


#19
July 11, 2016 at 04:28:41
Thanks so much! I really appreciate your help. I will have a go at editing the firefox stuff out, and get back to you if I have any problems. The computer is running beautifully again now!

#20
July 11, 2016 at 04:32:21
" I will have a go at editing the firefox stuff out"
Ok, bedtime for you?

#21
July 11, 2016 at 04:46:34
Absolutely, we are four hours ahead of you. I may decide in the morning to uninstall Firefox.

#22
July 11, 2016 at 05:07:10
"I may decide in the morning to uninstall Firefox"
If you do, use this to get a full uninstall, it gets all the hidden bits.

Geek Uninstaller
http://www.softpedia.com/get/Tweak/...
http://www.freewarefiles.com/GeekUn...
http://www.freewarefiles.com/screen...
http://www.geekuninstaller.com/
Just Double click on the program you want to uninstall.


#23
July 27, 2016 at 17:53:46
Thanks JohnW. I was not advised of your last communication, hence the delay.

#24
July 27, 2016 at 18:09:08
Thanks for letting me know JohnG.nz
